Alabama hospitals forced to close after ransomware attack


  • Three hospitals in Alabama were forced to close due to a ransomware attack; this comes several days after a similar attack took place in seven hospitals in Victoria, Australia.
  • Nonprofit firm, DCH Health System, said in a statement “a criminal is limiting our ability to use our computer systems in exchange for an as-yet unknown payment”. The form of ransomware used and whether the attacks in Alabama and Victoria are linked is unknown.

*Source: SiliconAngle, October 02, 2019


20M Russians’ Personal Tax Records Exposed in Data Leak


  • A database holding more than 20 million Russian tax records was found unprotected, leaving personal tax data accessible to anyone with a web browser, researchers reported this week.
  • The AWS Elasticsearch cluster contained data on Russian citizens spanning from 2009 to 2016. No password or any authentication was needed to access the cluster, leaving personal tax data accessible to anyone with a web browser. Researchers cannot confirm whether the data was taken.

*Source: DarkReading, October 03, 2019

64% of IT decision-makers have reported a breach in their ERP systems in the past 24 months


  • ERP system breaches have been reported by 64% of the 191 IT decision-makers surveyed, whose organizations rely either on SAP or Oracle E-Business Suite.
  • Applications like SAP or Oracle E-Business Suite can be foundational for businesses. A breach of such critical ERP applications can lead to unexpected downtime, increased compliance risk, diminished brand confidence, and project delays.

*Source: Helpnet Security, October 02, 2019

Yahoo could owe you $358 or more as a part of its data breach settlement


  • If you had a Yahoo account any time between 2012 and 2016, you could get a compensation of $358 or more for your losses as part of Yahoo’s data breach settlement.
  • Over several years, hackers were able to gain access to over 3 billion Yahoo accounts, email addresses, calendars, contacts, birth dates, passwords and answers to security questions in at least three separate attacks. If you had an account any time between 2012 and 2016 and are a resident of the US or Israel, you are part of the settlement class and can file a claim for part of the $117,500,000 settlement fund.

*Source: msn, October 8, 2019

Tu Ora Data Breach Exposed Medical and Personal Data of 1 Million People


  • Extending the trail of breaches happening recently, now joins New Zealand based primary health organization (PHO), Tu Ora, having suffered a breach that exposed medical and personal data of 1 million people.
  • The organization suffered a cyber attack on its website on August 2019. While investigating the recent incident, they found previous such attacks dating from 2016 to early March 2019. Since Tu Ora holds a database of people dating back to 2002, they revealed that the incidents may have affected the people enrolled with them. While they aren’t sure if those attacks impacted people’s data, they still disclosed the incidents to keep people informed.

*Source: Latest Hacking news, October 07, 2019

Twitter Took Phone Numbers for Security and Used Them for Advertising


  • Twitter announces that they may have inadvertently used phone numbers taken for security for advertising.
  • Twitter says it cannot say with certainty how many people were impacted by this issue of using personal phone numbers for advertising purposes. Facebook did something similar to phone numbers provided by users for two-factor authentication, as confirmed by the company last year. This could make people think twice about using a phone number to secure their accounts at all.

*Source: Vice, October 09 2019

Amazon Workers May Be Watching Your Cloud Cam Home Footage


  • If you own Amazon’s indoor security camera Cloud Cam, you should know that you are at risk of Amazon workers watching your home footage.
  • Dozens of Amazon workers based in India and Romania review select clips captured by Cloud Cam which are used to train the AI algorithms to do a better job distinguishing between a real threat and a false alarm. Nowhere in the Cloud Cam user terms and conditions does it state that human beings are training the algorithms behind their motion detection software. Amazon continues to insist that all the clips are provided voluntarily despite evidence suggesting otherwise.

*Source: Bloomberg, October 10 2019